/**
 * Copyright (c) 2010 S9,Inc.All rights reserved.
 * Created by 2010-7-16 
 */
package cn.jdy.common.ctrl;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.jdy.authority.entity.SysMenu;

import java.io.IOException;
import java.util.List;

/**
 * 系统资源权限过滤器
 * 
 * @author: zhaiguangtao
 * @data: 2013-7-1
 */
public class AdminSecurityFilter extends SecurityFilter {

  /**
   * 权限过滤
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // 替换 项目部署路径 ，只留项目相对根路径
    String uri = req.getRequestURI().replaceAll("^" + req.getContextPath(), "");

    // 1，白名单判断
    if (!uri.matches(super.urls)) {
      // 2，登录判断
      Object so = req.getSession().getAttribute("user");
      if (so == null || so.equals("")) {
        req.setAttribute("msg", "登录超时，请重新登录!");
        super.forword(req, res, req.getContextPath());
        return;
      } else {
        // 此处只针对服务操作，排除jsp资源考虑在拦截器中做权限处理
        // 通过组件uri前缀 和 web页面组件目录名来做组件权限判断，例如 news/list ,platform/menu.jsp
        
        // 获取数据库中所有的菜单
        List<SysMenu>  dbmenus = (List<SysMenu>)req.getSession().getAttribute("dbmenus");
        if (dbmenus!=null) { // 数据库中有菜单
          // 截取菜单地址前第一个/，例如/init.jsp改成init.jsp
          if (uri.indexOf("/") == 0) {
            uri = uri.substring(1);
          }
          // 循环判断数据库中是否存在该菜单
          int flag1 = 0;
          for (SysMenu menu : dbmenus) {
            String url = menu.getUrl();
            if (url != null) {
              // 截取菜单地址前第一个/，例如/news/list改成news/list
              if (url.indexOf("/") == 0) {
                url = url.substring(1);
              }
              // 匹配上则表示数据库存在该菜单
              if (url.equals(uri)) {
                flag1 = 1;
                break;
              }
            }
          }
          // 如果数据库中存在该菜单
          if (flag1 == 1) {
            // 获取该用户拥有的菜单权限
            List<SysMenu>  resourceList = (List<SysMenu>)req.getSession().getAttribute("resourceList");
            
            // 循环判断该用户是否拥有当前菜单权限
            int flag2 = 0;
            for (SysMenu sysmenu : resourceList) {
              String url = sysmenu.getUrl();
              if (url != null) {
                // 截取菜单地址前第一个/，例如/news/list改成news/list
                if (url.indexOf("/") == 0) {
                  url = url.substring(1);
                }
                // 匹配上则表示有权限
                if (url.equals(uri)) {
                  flag2 = 1;
                  break;
                }
              }
            }
            
            // 如果没有访问权限则跳转到指定页面
            if (flag2 == 0) {
              super.forword(req, res, req.getContextPath()+"/error/noSecurity.html");
              return;
            }
          } // end--> if (flag1 == 1) {
        } // end--> if (dbmenus!=null) {
      }
    }
    chain.doFilter(request, response);
  }

}
